Red Hat Product Errata RHSA-2007:0964 - Security Advisory
Issued: 2007-10-12
Updated: 2007-10-12

Synopsis

Important: openssl security update

Type/Severity

Security Advisory: Important

Topic

Updated OpenSSL packages that correct several security issues are now
available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and
Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library. Datagram TLS (DTLS) is a protocol
based on TLS that is capable of securing datagram transport (UDP for
instance).

The OpenSSL security team discovered a flaw in DTLS support. An attacker
could create a malicious client or server that could trigger a heap
overflow. This is possibly exploitable to run arbitrary code, but it has
not been verified (CVE-2007-4995). Note that this flaw only affects
applications making use of DTLS. Red Hat does not ship any DTLS client or
server applications in Red Hat Enterprise Linux.

A flaw was found in the SSL_get_shared_ciphers() utility function. An
attacker could send a list of ciphers to an application that used this
function and overrun a buffer with a single byte (CVE-2007-5135). Few
applications make use of this vulnerable function and generally it is used
only when applications are compiled for debugging.

A number of possible side-channel attacks were discovered affecting
OpenSSL. A local attacker could possibly obtain RSA private keys being
used on a system. In practice these attacks would be difficult to perform
outside of a lab environment. This update contains backported patches
designed to mitigate these issues (CVE-2007-3108).

Users of OpenSSL should upgrade to these updated packages, which contain
backported patches to resolve these issues.

Please note that the fix for the DTLS flaw involved an overhaul of the DTLS
handshake processing which may introduce incompatibilities if a new client
is used with an older server.

After installing this update, users are advised to either restart all
services that use OpenSSL or restart their system.
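
A check for the restart step above, as an added example that is not part of the advisory: a process started before the update keeps the replaced library mapped, and `/proc/<pid>/maps` marks that mapping `(deleted)`. The function names and the sample maps lines are constructed for illustration; a Linux `/proc` layout is assumed.

```bash
#!/usr/bin/env bash
# Added example: find processes still running the pre-update OpenSSL code.
# When a package update replaces a shared library, processes started earlier
# keep the old file mapped, and /proc/<pid>/maps marks it "(deleted)".

# Read one maps file on stdin; print each stale libssl/libcrypto path once.
stale_openssl_maps() {
    awk 'NF >= 7 && $NF == "(deleted)" && $(NF-1) ~ /\/lib(ssl|crypto)\.so/ {
             print $(NF-1)
         }' | sort -u
}

# Walk a proc-style tree (default /proc); print "<pid> <name> <stale path>".
scan_procs() {
    local root="${1:-/proc}" dir pid name lib
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        pid="${dir##*/}"
        name="$(awk '/^Name:/ { print $2; exit }' "$dir/status" 2>/dev/null)"
        stale_openssl_maps 2>/dev/null < "$dir/maps" |
            while read -r lib; do
                printf '%s %s %s\n' "$pid" "${name:-?}" "$lib"
            done
    done
}

# Constructed sample tree: pid 101 predates the update, pid 202 was restarted.
demo() {
    local root
    root="$(mktemp -d)"
    mkdir -p "$root/101" "$root/202"
    printf 'Name:\thttpd\n' > "$root/101/status"
    printf 'Name:\tsshd\n'  > "$root/202/status"
    cat > "$root/101/maps" <<'EOF'
2b1000000000-2b1000045000 r-xp 00000000 fd:00 1001 /lib64/libssl.so.0.9.8b (deleted)
2b1000245000-2b100024b000 rw-p 00045000 fd:00 1001 /lib64/libssl.so.0.9.8b (deleted)
2b1000400000-2b100054e000 r-xp 00000000 fd:00 1002 /lib64/libc-2.5.so
EOF
    cat > "$root/202/maps" <<'EOF'
2b2000000000-2b2000130000 r-xp 00000000 fd:00 2001 /lib64/libcrypto.so.0.9.8b
7fff00000000-7fff00015000 rw-p 00000000 00:00 0 [stack]
EOF
    scan_procs "$root"
    rm -rf "$root"
}

demo
```

On a live host, call `scan_procs` with no argument as root; each process it lists is still executing the unpatched library until it is restarted.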

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 245732 - CVE-2007-3108 RSA side-channel attack
  • BZ - 309801 - CVE-2007-5135 openssl SSL_get_shared_ciphers() off-by-one
  • BZ - 321191 - CVE-2007-4995 openssl dtls out of order vulnerability

CVEs

  • CVE-2007-3108
  • CVE-2007-5135
  • CVE-2007-4995

References

  • http://www.openssl.org/news/secadv_20071012.txt
  • http://www.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux Server 5

SRPM
openssl-0.9.8b-8.3.el5_0.2.src.rpm SHA-256: ea1d70a0ab0cb69a4f860fac156c69444a8f23db8cfd5a0f7b788f7d6f7ce5de
x86_64
openssl-0.9.8b-8.3.el5_0.2.i686.rpm SHA-256: e87188d2ad490603103ff694d6fe7ba0a2dd46a2385fc9ab36b4c1c29cc9bbce
openssl-0.9.8b-8.3.el5_0.2.x86_64.rpm SHA-256: 99c3320fd3d169e9ba7d0c636433ef7e5bea23a256e820e96c8c048e98b7c752
openssl-devel-0.9.8b-8.3.el5_0.2.i386.rpm SHA-256: 04ee2670a1a73116af26d9e48116a637d25429151ca29f14bc56eff18ea05419
openssl-devel-0.9.8b-8.3.el5_0.2.x86_64.rpm SHA-256: 8f6be3b4000e8a3c50444369484e392965a667128a2d86dc96ec64a39baea18e
openssl-perl-0.9.8b-8.3.el5_0.2.x86_64.rpm SHA-256: 97e4695c151e4600fd0d2321c0a3ec8bf8da97288fec2917d61d5112fcd02351
ia64
openssl-0.9.8b-8.3.el5_0.2.i686.rpm SHA-256: e87188d2ad490603103ff694d6fe7ba0a2dd46a2385fc9ab36b4c1c29cc9bbce
openssl-0.9.8b-8.3.el5_0.2.ia64.rpm SHA-256: 47b9775d5a8803e66c92a280f443df044b9e015fc1c645fabc50fc222d678241
openssl-devel-0.9.8b-8.3.el5_0.2.ia64.rpm SHA-256: 7b625fed7ac157cf4d7db36f91f0cd262350fe7e96c3e55fef3c4efef47f017b
openssl-perl-0.9.8b-8.3.el5_0.2.ia64.rpm SHA-256: e75c2b41b34db2d0f11e3b9f73aea84b9278bf4b5c597b7b0dba9331ad1e1eeb
i386
openssl-0.9.8b-8.3.el5_0.2.i386.rpm SHA-256: 7c918b22b97c5af19621899bfa2e6e284e33333534d6734ec9c1f78e02fe8fd6
openssl-0.9.8b-8.3.el5_0.2.i686.rpm SHA-256: e87188d2ad490603103ff694d6fe7ba0a2dd46a2385fc9ab36b4c1c29cc9bbce
openssl-devel-0.9.8b-8.3.el5_0.2.i386.rpm SHA-256: 04ee2670a1a73116af26d9e48116a637d25429151ca29f14bc56eff18ea05419
openssl-perl-0.9.8b-8.3.el5_0.2.i386.rpm SHA-256: c753dfd20e4082843439fe7afbbed7ce7a1fd717d23826ea8bc2a6780c947dfe

Red Hat Enterprise Linux Workstation 5

SRPM
openssl-0.9.8b-8.3.el5_0.2.src.rpm SHA-256: ea1d70a0ab0cb69a4f860fac156c69444a8f23db8cfd5a0f7b788f7d6f7ce5de
x86_64
openssl-0.9.8b-8.3.el5_0.2.i686.rpm SHA-256: e87188d2ad490603103ff694d6fe7ba0a2dd46a2385fc9ab36b4c1c29cc9bbce
openssl-0.9.8b-8.3.el5_0.2.x86_64.rpm SHA-256: 99c3320fd3d169e9ba7d0c636433ef7e5bea23a256e820e96c8c048e98b7c752
openssl-devel-0.9.8b-8.3.el5_0.2.i386.rpm SHA-256: 04ee2670a1a73116af26d9e48116a637d25429151ca29f14bc56eff18ea05419
openssl-devel-0.9.8b-8.3.el5_0.2.x86_64.rpm SHA-256: 8f6be3b4000e8a3c50444369484e392965a667128a2d86dc96ec64a39baea18e
openssl-perl-0.9.8b-8.3.el5_0.2.x86_64.rpm SHA-256: 97e4695c151e4600fd0d2321c0a3ec8bf8da97288fec2917d61d5112fcd02351
i386
openssl-0.9.8b-8.3.el5_0.2.i386.rpm SHA-256: 7c918b22b97c5af19621899bfa2e6e284e33333534d6734ec9c1f78e02fe8fd6
openssl-0.9.8b-8.3.el5_0.2.i686.rpm SHA-256: e87188d2ad490603103ff694d6fe7ba0a2dd46a2385fc9ab36b4c1c29cc9bbce
openssl-devel-0.9.8b-8.3.el5_0.2.i386.rpm SHA-256: 04ee2670a1a73116af26d9e48116a637d25429151ca29f14bc56eff18ea05419
openssl-perl-0.9.8b-8.3.el5_0.2.i386.rpm SHA-256: c753dfd20e4082843439fe7afbbed7ce7a1fd717d23826ea8bc2a6780c947dfe

Red Hat Enterprise Linux Desktop 5

SRPM
openssl-0.9.8b-8.3.el5_0.2.src.rpm SHA-256: ea1d70a0ab0cb69a4f860fac156c69444a8f23db8cfd5a0f7b788f7d6f7ce5de
x86_64
openssl-0.9.8b-8.3.el5_0.2.i686.rpm SHA-256: e87188d2ad490603103ff694d6fe7ba0a2dd46a2385fc9ab36b4c1c29cc9bbce
openssl-0.9.8b-8.3.el5_0.2.x86_64.rpm SHA-256: 99c3320fd3d169e9ba7d0c636433ef7e5bea23a256e820e96c8c048e98b7c752
openssl-perl-0.9.8b-8.3.el5_0.2.x86_64.rpm SHA-256: 97e4695c151e4600fd0d2321c0a3ec8bf8da97288fec2917d61d5112fcd02351
i386
openssl-0.9.8b-8.3.el5_0.2.i386.rpm SHA-256: 7c918b22b97c5af19621899bfa2e6e284e33333534d6734ec9c1f78e02fe8fd6
openssl-0.9.8b-8.3.el5_0.2.i686.rpm SHA-256: e87188d2ad490603103ff694d6fe7ba0a2dd46a2385fc9ab36b4c1c29cc9bbce
openssl-perl-0.9.8b-8.3.el5_0.2.i386.rpm SHA-256: c753dfd20e4082843439fe7afbbed7ce7a1fd717d23826ea8bc2a6780c947dfe

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
openssl-0.9.8b-8.3.el5_0.2.src.rpm SHA-256: ea1d70a0ab0cb69a4f860fac156c69444a8f23db8cfd5a0f7b788f7d6f7ce5de
s390x
openssl-0.9.8b-8.3.el5_0.2.s390.rpm SHA-256: 0d3c7d3ab9040cede66c8ba2e3b5604f0f9df92b07df30432d802f4dc717310a
openssl-0.9.8b-8.3.el5_0.2.s390x.rpm SHA-256: 3f582772ac2a0d40e69ded3dbcb1a339e5bbb5b680185a021724808e9c9e5639
openssl-devel-0.9.8b-8.3.el5_0.2.s390.rpm SHA-256: 93ae7e7c671e80e34a45dc394555ae669acdc6b71c6e3b4646de31001bb30407
openssl-devel-0.9.8b-8.3.el5_0.2.s390x.rpm SHA-256: dc0e37a3c8f5b8f22ce939ae078cf6a5ded795a91b51b35d54a90c9333996a96
openssl-perl-0.9.8b-8.3.el5_0.2.s390x.rpm SHA-256: 5d691bb3ebcf96f96cf15ff384e65a8384f64f72bcc72bfa8f8e7fd3eeed3597

Red Hat Enterprise Linux for Power, big endian 5

SRPM
openssl-0.9.8b-8.3.el5_0.2.src.rpm SHA-256: ea1d70a0ab0cb69a4f860fac156c69444a8f23db8cfd5a0f7b788f7d6f7ce5de
ppc
openssl-0.9.8b-8.3.el5_0.2.ppc.rpm SHA-256: 3c907e78997b9f10fce52fa81c8a723e6172b6d4a33fc17eea529d55ca037312
openssl-0.9.8b-8.3.el5_0.2.ppc64.rpm SHA-256: 5565620977c3b910e44c11aeb0d488f3a28449dace6bb331cd07b06214ed2e32
openssl-devel-0.9.8b-8.3.el5_0.2.ppc.rpm SHA-256: 1670e5cf42e6a5577342e4568c9c748c2468d6f513e78d13bf2cd193577aa150
openssl-devel-0.9.8b-8.3.el5_0.2.ppc64.rpm SHA-256: 970edbc7543f2f5c4e0bf169615d8a02cf60e07f370575927618b1f7f0aea9b7
openssl-perl-0.9.8b-8.3.el5_0.2.ppc.rpm SHA-256: be14ad7df4973949f0b370d8c8f39a42bd012c7808fb1187b1da2586d73ca2ae

Red Hat Enterprise Linux Server from RHUI 5

SRPM
openssl-0.9.8b-8.3.el5_0.2.src.rpm SHA-256: ea1d70a0ab0cb69a4f860fac156c69444a8f23db8cfd5a0f7b788f7d6f7ce5de
x86_64
openssl-0.9.8b-8.3.el5_0.2.i686.rpm SHA-256: e87188d2ad490603103ff694d6fe7ba0a2dd46a2385fc9ab36b4c1c29cc9bbce
openssl-0.9.8b-8.3.el5_0.2.x86_64.rpm SHA-256: 99c3320fd3d169e9ba7d0c636433ef7e5bea23a256e820e96c8c048e98b7c752
openssl-devel-0.9.8b-8.3.el5_0.2.i386.rpm SHA-256: 04ee2670a1a73116af26d9e48116a637d25429151ca29f14bc56eff18ea05419
openssl-devel-0.9.8b-8.3.el5_0.2.x86_64.rpm SHA-256: 8f6be3b4000e8a3c50444369484e392965a667128a2d86dc96ec64a39baea18e
openssl-perl-0.9.8b-8.3.el5_0.2.x86_64.rpm SHA-256: 97e4695c151e4600fd0d2321c0a3ec8bf8da97288fec2917d61d5112fcd02351
i386
openssl-0.9.8b-8.3.el5_0.2.i386.rpm SHA-256: 7c918b22b97c5af19621899bfa2e6e284e33333534d6734ec9c1f78e02fe8fd6
openssl-0.9.8b-8.3.el5_0.2.i686.rpm SHA-256: e87188d2ad490603103ff694d6fe7ba0a2dd46a2385fc9ab36b4c1c29cc9bbce
openssl-devel-0.9.8b-8.3.el5_0.2.i386.rpm SHA-256: 04ee2670a1a73116af26d9e48116a637d25429151ca29f14bc56eff18ea05419
openssl-perl-0.9.8b-8.3.el5_0.2.i386.rpm SHA-256: c753dfd20e4082843439fe7afbbed7ce7a1fd717d23826ea8bc2a6780c947dfe

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
